Blog

Cyberspace remains shrouded in a fog of war

Policy analyst Jeoffrey Houvenaeghel argues that cyberspace remains shrouded in a fog of war, and calls for holistic strategies to clear the way.

Shamoon, the computer virus that rapidly crippled over 30,000 computers of the Saudi Aramco energy company in 2012, was a harsh reminder of the potential devastation cyber-attacks can bring. Even though Shamoon took place outside Europe, it is clear that these dangers, unseen in the “fog of war” until it is too late, could easily spillover to European systems in future.

Such cyber threats are part of a greater evolving, complex, unpredictable and multifaceted environment. One of the key challenges is encourage further cooperation between states to create more effective capabilities and capacities that can rapidly respond to emerging sophisticated threats. But this requires not only military cooperation but a range of different partnerships ranging from government to critical national infrastructure in order to exchange information and experiences to build together a strong, resilient cyber capability.

As European integration is an on-going process, key sectors will further be intertwined though the information technology which we use on a daily basis. Cyberspace does not differentiate between military and civilian infrastructures. Critical National Infrastructure (CNI) such as oil and gas companies are vulnerable to cyber attacks by exploiting vulnerabilities in their SCADA systems. The costs of these attacks can be seen in Saudi Aramco, as well as Stuxnet.

But this is not just limited to oil and gas. There is numerous of examples that show the severity of the impact of cyber attacks throughout society. One of the key solutions is to prevent and mitigate cyber attacks through information sharing, and providing a greater situational awareness for actors. But this also brings a whole heap of challenges.

There is a dire need to further implement confidence building measures. The recent and on-going mistrust between nations can only grow: especially with the growing number of states exploring cyber offensive capabilities. Even though there are supranational initiatives, it still remains largely the responsibility of the state in bridging the gap between military and civilian organizations. One example can be seen in Finland, where public-private partnerships is based on mutual trust. There needs to be an international or regional framework to address complex questions in cyber space such as the legal complexities of a cyber attack involving a third party.

One of the major issues that we all face is that we do not know the cyber capabilities of potential threat actors. There is a literally fog of war in the cyberspace, each nation based on its own experience and capability perceives different threats and thus has different strategic priorities. This only fragments international cooperation, as well as the EU defence and security market, with conflicting priorities, as some nations look for solutions internally, while others externally.

As more emerging technologies are integrated in our daily lives, inevitably there will be more opportunities to exploit vulnerabilities. In order to develop holistic cyber strategies to protect our critical national infrastructure, we need to share information and to cooperate to steadily uncover the fog of war. After all, a cyber-attack in one distant region can easily spread to your own systems.